VelocityGuard

This plugin is a port of the plugin BungeeGuard by lucko and functions nearly identically to his version. The aim of the plugin is to verify that the incoming connections to your Spigot (backend) servers are actually coming from your Velocity instance.

Velocity has a neat feature called modern forwarding, but that feature isn’t available in server versions below 1.13. That leaves those who either don’t know how to properly set up firewalls or are prone to proxy impersonation attacks at risk. With VelocityGuard in place, these attacks are rendered useless or impractical.

Common issues (read this before continuing)

Please don’t confuse VelocityGuard with Velocity’s built-in modern forwarding; VelocityGuard is meant to solve a completely different problem.

The best way to set up VelocityGuard is to set your Velocity instance’s forwarding mode to legacy and enable bungeecord mode on your backend servers.

If you’re using PaperSpigot, please do NOT use the paper.yml velocity-support configuration entry, as it’s not the same thing as VelocityGuard.

Installation

On your Velocity proxies

Copy the velocityguard-proxy.jar file to the Velocity plugins folder
and then proceed to restart the proxy.

Inside the plugins folder there should be a new folder called velocityguard. Open the file called token.json inside the velocityguard folder and copy down the value of token (your token should be 64 characters long).

On each of your servers

Copy the velocityguard-backend.jar file into your plugins folder and
restart the server.

Inside the plugins (or the config directory for the Sponge users)
folder there should be a new folder called velocityguard. Open
the file config.yml inside the velocityguard folder.

Add the token(s) generated by your proxy(-ies) to the allowed-tokens list.
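
One way to check the pairing that the steps above set up, as an added example that is not part of the plugin: it confirms that the token in token.json is 64 characters long and appears in the backend's allowed-tokens list. It assumes token.json is a JSON object with a token key and that allowed-tokens is a top-level YAML list in config.yml; the function names and sample token are constructed for illustration.

```python
import json
import re

TOKEN_LENGTH = 64  # the page: the token should be 64 characters long

def proxy_token(token_json_text):
    """Return the token from the text of the proxy's token.json."""
    token = json.loads(token_json_text).get("token")
    if not isinstance(token, str) or len(token) != TOKEN_LENGTH:
        raise ValueError("token.json: token missing or not 64 characters long")
    return token

def allowed_tokens(config_yml_text):
    """Return the allowed-tokens entries (block list or inline [a, b] form)."""
    tokens, in_list = [], False
    for raw in config_yml_text.splitlines():
        line = raw.split(" #", 1)[0].rstrip()  # drop trailing comments
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if re.match(r"allowed-tokens\s*:", line):  # assumed to be a top-level key
            inline = re.search(r"\[(.*)\]", line)
            in_list = inline is None
            if inline:
                tokens += [t.strip(" '\"") for t in inline.group(1).split(",") if t.strip()]
        elif in_list and line.lstrip().startswith("- "):
            tokens.append(line.lstrip()[2:].strip(" '\""))
        else:
            in_list = False  # any other key ends the list
    return tokens

def check_pairing(token_json_text, config_yml_text):
    """Return a list of problems; an empty list means the backend accepts this proxy."""
    token, entries = proxy_token(token_json_text), allowed_tokens(config_yml_text)
    problems = ["allowed-tokens entry %d is not 64 characters long" % i
                for i, entry in enumerate(entries, 1) if len(entry) != TOKEN_LENGTH]
    if token not in entries:
        problems.append("this proxy's token is not in allowed-tokens")
    return problems

# Constructed sample files (not real tokens).
SAMPLE_TOKEN = "a1" * 32
SAMPLE_TOKEN_JSON = json.dumps({"token": SAMPLE_TOKEN})
SAMPLE_CONFIG = 'allowed-tokens:\n  - "%s"\n' % SAMPLE_TOKEN

if __name__ == "__main__":
    print(check_pairing(SAMPLE_TOKEN_JSON, SAMPLE_CONFIG) or "OK: proxy token is allowed")
```

The problem messages refer to entries by position so that token values never end up in console output or logs.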

Support

Feel free to contact me on Discord at KuNet#0001 for any feature request or support request. Feature requests can also be posted as replies here. Please don’t ask the Velocity Discord for help; this is not an official Velocity-made plugin, so they cannot offer the same level of support.

Download Links

Direct download links hosted on file sharing websites will not be posted here due to risks such as:

They could possibly be faked or backdoored

They may not have the latest version, and older versions may contain possible security risks

As VelocityGuard is a security plugin, it’s vital that the downloads are in a maintained, safe and publicly monitored location. As such, the download instructions will be below.

Head over to the Actions tab at the top of VelocityGuard’s repository and open the latest one with a check mark. On that page there should be an Artifacts section with a link to download the zip file containing the jars.

You don’t need to use this plugin if you’re using anything above 1.13 (Paper), because Velocity has an option named Modern Forwarding which basically has the same effect as using VelocityGuard. This plugin was built with the intention of supporting versions below 1.13 Paper so that those servers would be more secure.

There are scenarios where a network could be running a 1.13+ server in addition to 1.12 or lower, in which case their proxy would need to run in legacy mode. Just because a server can run modern doesn’t mean you should assume that it will.